Privacy Policy
Effective as of: September 1, 2022
Sprinter Health, Inc., its affiliates, and/or its contracted medical practice entities (collectively, (“Sprinter Health”) is committed to protecting your privacy. This “Privacy Policy” describes how and why we collect information from you or about you through our website at sprinterhealth.com or through our mobile app (collectively our “Website”), how we might use or disclose this information and how you may update or delete certain information about you from our system. The words “you” and “your” herein refer to each Website visitor or user and “we,” “us,” and “our” refer to Sprinter Health. Please note that, unless we define a term in this Privacy Policy, all capitalized terms used herein have the same meanings as in our Terms of Use. Please therefore make sure that you have read and understand our Terms of Use.
By accessing, browsing, and/or using the Website, you are deemed to have accepted the terms of this Privacy Policy. If you do not agree with any part of this Privacy Policy, please do not use the Website.
We may revise this Privacy Policy from time to time. If we make significant changes to this Privacy Policy, we will post the revised Privacy Policy here. Each version of this Privacy Policy will be identified at the top of the page by its effective date.
COLLECTION AND USE OF PERSONAL INFORMATION
When you visit our Website, we will not collect any personally identifiable information about you unless you provide it to us voluntarily. Even then, we will collect only that information that we think is necessary for our legitimate interests consistent with services offered by Sprinter Health. Such information includes personally identifiable information such as your e-mail address, name, home or work address, telephone number, and such other personally identifiable information which you provide to us to participate in programs or services we offer or which may be offered through third parties (collectively, “Personal Data”). Personal Data does not include “aggregate” or other non-personally identifiable information. Aggregate information is information that we collect about a group or category of products, services, or users that is not personally identifiable or from which individual identities are removed. We may use and disclose aggregate information, and other non-personally identifiable information, for various purposes, including, without limitation, to improve and promote the Website or Services.
Some reasons you may choose to provide Personal Data are to complete forms or surveys, create accounts, arrange for Services, make payments, or to apply for a job. Our Website may contain forms through which users may request information or supply feedback. In some cases, Personal Data is required so that we can provide the requested information or to process credit card payments. Though providing Personal Data in connection with customer feedback provided through our Website is completely optional, you may choose to provide your name and contact information to facilitate any requested follow-up. Should you provide such Personal Data, on behalf of yourself or a minor patients for whom you are the parent or legal guardian, it will be shared only with employees that need it to respond to questions. Personal Data is also required to set up User Accounts or take advantage of certain online services, such as online bill payment, customer portals, and obtaining the Services. Note that some of these online services may be operated by third party vendors. We recommend reviewing the terms and conditions and privacy policies of any such vendors (as further discussed below).
We may also use Personal Data to provide you information that we believe may be of interest to you, such as newsletters or information about the services that we offer. You may opt out of receiving such information as described more fully below. Note that you are able to visit our Website without providing Personal Data, but it may be required to fully participate in certain beneficial services like the ones mentioned above.
We may also collect information about your computer hardware and software that does not reveal your Personal Data and cannot be traced back to a specific individual. This information can include your IP address, browser type, domain names, access times, and referring website addresses. We collect this data automatically to help us administer and improve your experience with the Website, to understand how visitors are using the Website, and to perform statistical analysis (e.g., monitoring traffic flow to and from the Website). It may also be used to measure the popularity of services and programs that we offer.
“Cookies” are text files that a web server places on your computer or device to help the web server keep track of information related to your use. Cookies cannot be used to run programs or deliver viruses to your computer, and they are not linked to any Personal Data.
One of the primary purposes of cookies is to personalize your experience when interacting with the Website. For example, if you register with a Sprinter Health service through the Website, a cookie helps the web server to recall your specific information on subsequent visits. When you return to the Website, the information you previously provided can be retrieved, so you can easily use the features that you customized. Cookies also help us to track traffic patterns as noted above to help us improve the Website. Some third-party services providers that we engage (including third-party advertisers) may also place their own cookies on your hard drive. Note that this Privacy Policy covers only our use of cookies and does not include use of cookies by such third parties.
Most web browsers automatically accept cookies, but you can usually modify your browser settings to prevent the acceptance of cookies, and cookies may be deleted at any time. Note that rejecting cookies may prevent you from using certain features of our Website. The “help” section located in the toolbar of most web browsers will provide instructions for disabling the acceptance of cookies.
“Web Beacons” (also known as Web bugs, pixel tags or clear GIFs) are tiny graphics with a unique identifier that may be included on our Website for several purposes, including to deliver or communicate with cookies, to track and measure the performance of our Website, to monitor how many visitors view our Website, and to monitor the effectiveness of our advertising. Unlike cookies, which are stored on the user’s hard drive, Web Beacons are typically embedded invisibly on web pages (or in an e-mail).
Third-Party Links:
Our Website may contain links to sites that are not operated by Sprinter Health. You may be asked by those sites to provide Personal Data or to release information you may have provided on our Website. You are not required to provide or release any Personal Data. We may also allow certain “widgets” (i.e., social share buttons) on our Website to allow users to easily share information to social media or other platforms. The third parties that own these widgets may have access to information about your browsing history on websites where the widgets are placed. We encourage you to review the privacy policies of any third-party websites you choose to link from our Website or social media platforms so that you can understand how those websites/platforms collect, use, and share your information. Sprinter Health does not control, and is therefore not responsible, for the privacy policies or other content on third-party websites or social media platforms.
INFORMATION SHARING AND DISCLOSURE
Sharing with Sprinter Health’s Service Providers:
We may contract with third-party service providers to help us administer our Website and related services. These service providers will only have access to your Personal Data for performing the contracted services and are expressly obligated not to use or disclose your Personal Data for any other purpose. To the extent legally permissible, we may also disclose your Personal Data to health care service providers for purposes of medical treatment, consultation, test results, appointment reminders, to disclose your use of the Services, and to deliver content specific to your health condition and other similar activities as applicable.
We may share the computer hardware/software data we collect automatically in the aggregate with third parties for quality improvement purposes, research and analysis, and other similar purposes.
We use Google Analytics to understand the way that our Website’s visitors interact with it. We have enabled the following Google Analytics advertising features: Remarketing with Google Analytics, Google Display Network Impression Reporting, Google Analytics Demographics and Interest Reporting, and Integrated services that require Google Analytics to collect data for advertising purposes, including the collection of data via advertising cookies and identifiers. You may opt out of Google Analytics tracking by installing the Google Analytics Opt-Out Browser Add-On. You can find additional information regarding the Google Analytics Opt-Out Browser Add-On at https://tools.google.com/dlpage/gaoptout.
We use Google AdWords remarketing technology to market our Website. We place a cookie on your browser, and then Google reads the cookie and may present an advertisement on a third-party website after you have visited our Website. As discussed above, you may opt to disable cookies in your web browser settings. You may opt out of ad serving on Google’s Opt-Out page at http://www.google.com/settings/ads.
We also use Facebook Advertising remarketing technology to market our Website. Facebook may use cookies to collect or receive information from our Website and other websites using that information to provide analytics and advertisement targeting. You can opt out of the collection of ad targeting related information by following Facebook’s Opt-Out instructions available on Facebook’s Help Center. You may also opt out of Facebook and other web tracking technologies through the Digital Advertising Alliance at http://optout.aboutads.info.]
DO NOT TRACK SIGNALS
“Do Not Track” signals are requests by web browsers to disable a web application’s tracking of website or cross-site traffic. California law requires us to disclose how we respond to such Do Not Track signals. Our Website does not have the capability to respond to any Do Not Track configuration set in your web browser, so we do not disable tracking or take any other action in response.
CHILDREN’S PRIVACY
Our Website is not directed to or intended for children under the age of 13 and we do not knowingly collect personal information from such children without parental consent. If we find out that we have inadvertently collected personal information from a child under the age of 13, we will take steps to remove such information from our systems. If you are under the age of 13, please consult a parent or guardian for help.
OPT-OUT
As noted previously, we may send you free newsletters and/or promotional information about services that we provide. When you receive such communications from us, you will have the opportunity to “opt out” by following the unsubscribe instructions provided in the email you receive.
NOTICE TO CALIFORNIA USERS AND RESIDENTS
California law allows California residents to ask companies with whom they have an established business relationship to provide certain information about the companies’ sharing of personal information with third parties for direct marketing purposes. Under California Civil Code Section 1789.3, California users are entitled to the following specific consumer rights notice: If you have a question or complaint regarding our Website, please send an email to [email protected]. You may also contact us by writing to Sprinter Health, Inc., 4600 Bohannon Dr., Suite 100, Menlo Park, CA 94025. California residents may reach the Consumer Information Center of the California Department of Consumer Affairs may be contacted in writing at 1625 North Market Blvd., Suite N-112, Sacramento, California 95834, or by telephone at (916) 445-1254 or (800) 952-5210.
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask for a notice identifying the categories of Personal Data that we share with certain third parties for direct marketing purposes under certain circumstances and providing contact information for such third parties. If you are a California resident and would like a copy of this notice, please submit a written request to: Sprinter Health, Inc., 4600 Bohannon Dr., Suite 100, Menlo Park, CA 94025.
CHANGING OR DELETING PERSONAL INFORMATION
If you wish to update, delete, or correct any Personal Data you have provided through our Website, you may:
Send a written request to: Sprinter Health, Inc., 4600 Bohannon Dr., Suite 100, Menlo Park, CA 94025.
Send an electronic request to: [email protected]
Call (913) 777-4680 to submit a verbal request.
SECURITY
Data Security
Sprinter Health encrypts all data at rest and in transit. We use tools like AWS's KMS to manage encryption keys and AWS's CloudWatch / CloudTrail to record all data access both internally and externally, in line with industry best practices. We secure the data entrusted to us by our patients and partners with both role-based and individual-based authorization controls at a granularity consistent with the principle of least privilege.
Application Security
Sprinter Health regularly engages some of the industry’s best application security experts for third-party penetration tests. Our penetration testers evaluate both the running application and the deployed environment for possible vulnerabilities and misconfigurations.Sprinter Health also uses high-quality static analysis tools like Snyk and GitHub's Dependabot to secure our product at every step of the development process.
Infrastructure Security
Sprinter Health uses Amazon Web Services to host our application. We make full use of the security products embedded within the AWS ecosystem, including KMS, GuardDuty, Inspector, Secrets Manager, and Config, as well as Vanta for continuously monitoring our infrastructure, devices, vendors, and people for adherence to our security / compliance policies.Our application is entirely serverless, meaning we do not manage servers or EC2 instances in production, leveraging AWS managed services whenever possible.
OTHER QUESTIONS OR COMMENTS
If you have any questions about this Privacy Policy, or any questions or concerns about our collection, use, or disclosure of your Personal Data, please contact us using any of the methods listed immediately above.